Skip to Main Content
Many small-to-medium sized enterprises are finding it extremely difficult to implement proper information security governance due to cost implications. Due to this lack of resources, small enterprises are experiencing challenges in drafting information security policies as well as monitoring their implementation and compliance levels. This problem can be alleviated by means of a cost effective ”dashboard system” and automated policy generation tool. This paper will critically evaluate an existing policy generation tool, known as the Information Security Management Toolbox, and will propose improvements to this existing system based on changes in both information security standards and business needs, since the development of the original system.